Hi,

From the unveil manpage:

The first call to unveil() removes visibility of the entire filesystem from all other filesystem-related system calls (such as open(2), chmod(2) and rename(2)), except for the specified path and permissions.

Can the first call also be the last?

I have a test program called unveiltest.c and it does the following:

----paste---->
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>

int
main(void)
{
	int fd;

#ifdef UNVEIL_MOTD
	/* Optionally unveil /etc/motd read-only before locking. */
	if (unveil("/etc/motd", "r") < 0)
		perror("unveil");
#endif
	/* Lock the unveil state; no further unveil() calls are possible. */
	if (unveil(NULL, NULL) < 0)
		perror("unveil");

	/*
	 * Keep trying to open /etc/motd once a second so the process
	 * can be inspected with ps(1) while it runs.
	 */
	for (;;) {
		if ((fd = open("/etc/motd", O_RDONLY, 0)) < 0)
			perror("open");
		else
			close(fd);
		sleep(1);
	}
}
<------

When I run it without UNVEIL_MOTD, meaning my first (and last) unveil was NULL, NULL, it doesn't deny /etc/motd reads.

beta$ cc -g -o unveiltest unveiltest.c
beta$ ./unveiltest
^C
beta$ ps ax | grep unveiltest
21482 pg  S+      0:00.10 ./unveiltest
98206 ph  R+/3    0:00.00 grep unveiltest

And when I recompile with UNVEIL_MOTD, same behaviour:

beta$ cc -g -DUNVEIL_MOTD -o unveiltest unveiltest.c
beta$ ./unveiltest
^C

except there is a difference in the ps listing:

beta$ ps ax | grep unveiltest
40907 pg  S+U     0:00.01 ./unveiltest
40013 ph  R+/2    0:00.00 grep unveiltest

Am I interpreting the unveil manpage wrong, or is it written wrong? I did have a first call to unveil in the first example, only it's NULL, NULL, me telling the system I don't want anything opened at all. Is there any way to do that? Or is that pledge()'s job?

Another weird one I have is that I call unveil() to a path but chroot() later, then call unveil(NULL, NULL), and the ps flag doesn't indicate the U flag. Is the unveil lost because of the chroot()?

Best regards,
-peter
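The following is an added example and is not peter's program nor OpenBSD's own code. It generalizes his test into a small probe: apply a list of unveil(2) rules, lock the state with unveil(NULL, NULL), then report the errno that open(2) returns for each probe path. Passing an empty rule list reproduces the "first and last call is NULL, NULL" case from the post, so running it both ways answers the question empirically rather than by reading ps(1) flags. The names (struct rule, apply_rules, probe_open) are the example's own; the no-op unveil() shim for non-OpenBSD systems is an assumption made only so the file compiles elsewhere, and on such systems it restricts nothing.

```c
/*
 * unveil_probe.c -- added example, not from the original post.
 * Applies a list of unveil(2) rules, locks the state with
 * unveil(NULL, NULL), then reports the errno each probe path gets
 * from open(2). With an empty rule list it reproduces the
 * "first and last call is NULL, NULL" case from the post.
 */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/*
 * Assumption: only OpenBSD provides unveil(2). Elsewhere this no-op shim
 * lets the probe compile, but it restricts nothing, so the output there
 * is merely the unrestricted baseline.
 */
static int
unveil(const char *path, const char *permissions)
{
	(void)path;
	(void)permissions;
	return 0;
}
#endif

struct rule {
	const char *path;
	const char *perms;	/* unveil permission string, e.g. "r" */
};

/*
 * Apply each rule in order, then lock. Returns 0 on success or the errno
 * of the first failing unveil() call (for example EPERM if the state is
 * already locked). n == 0 means "lock only", as in the post.
 */
int
apply_rules(const struct rule *rules, size_t n)
{
	size_t i;

	for (i = 0; i < n; i++)
		if (unveil(rules[i].path, rules[i].perms) == -1)
			return errno;
	if (unveil(NULL, NULL) == -1)
		return errno;
	return 0;
}

/*
 * Open path read-only and report the result: 0 on success, otherwise
 * errno. On OpenBSD a path hidden by unveil fails with ENOENT and a
 * visible path unveiled without "r" fails with EACCES, so the errno
 * tells you which of the two happened.
 */
int
probe_open(const char *path)
{
	int fd = open(path, O_RDONLY);

	if (fd == -1)
		return errno;
	close(fd);
	return 0;
}

int
main(void)
{
	/* Constructed rule set: the same rule as the -DUNVEIL_MOTD build. */
	const struct rule rules[] = { { "/etc/motd", "r" } };
	/* Paths to probe; /etc/passwd is deliberately not in the rule set. */
	const char *paths[] = { "/etc/motd", "/etc/passwd" };
	int err;
	size_t i;

	/* Change the 1 to 0 to test the lock-only case from the post. */
	if ((err = apply_rules(rules, 1)) != 0) {
		fprintf(stderr, "unveil: %s\n", strerror(err));
		return 1;
	}
	for (i = 0; i < sizeof(paths) / sizeof(paths[0]); i++) {
		err = probe_open(paths[i]);
		printf("%-12s %s\n", paths[i], err ? strerror(err) : "ok");
	}
	return 0;
}
```

Compile with cc -o unveil_probe unveil_probe.c and run it once with the rule in place and once with apply_rules(rules, 0); the errno printed for /etc/passwd in each run shows whether the lock-only call hides anything.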